I'm relatively new to SharePoint development so please excuse the question if it is an obvious one.

Environment
I have a site hierarchy that looks like this:
- Client Dashboard
  - Client sites (one or more)
    - Project Sites (one or more)

Our clients will have admin rights on their own client sites and the project sites underneath it, but only we will have admin rights on the client dashboard level.

The Question/Issue

We have a master list on the client dashboard that contains items for all clients and includes a column each indicating which client and project the item corresponds to.

I want to make a filtered version of the master list available for use on client and project sites, but it needs to be filtered to only the relevant items (using the columns) for the site it is on.

The list will be read-only at the client and project level.

The users of the client and project sites need to be able to set alerts on the list items that are displayed on their sites.

IMPORTANT - It needs to be secured such that there is no way for a client to remove the filter, even though they are admins on the client site and project site level.

I'm thinking a view on the list/web-part wouldn't work because all a client (who is a site admin at the project/client levels) would need to do to see another client's stuff is remove the filter in the GUI.

Theoretical Approach(es)
The only ways I can think of to make this work are:
(a) Create an external content type that pulls the information for the lists on the client/project sites from the master list. It would filter them and use impersonation to be able to access the list, which the user won't be able to see directly.

(b) Create a web part that pulls the filtered info from the master list, again using impersonation. I guess I'd have to drop some controls on the web part that get the info for desired alerts and set them up in code using impersonation.

I'm not even sure (a) is possible, and (b) has me re-inventing a lot of pre-existing functionality provided by SharePoint, which I'd like to avoid.

Is there a better option (c)? Do you veteran SharePointers see any hidden landmines with (a) or (b)? Any help is appreciated.

1 Answer
1

What about item level permissions on the master list? Usually I discourage this, but here it could be a good solution. Set up the list so that by default a new item gives no one in the clients permission to view. Then set the permissions for each new item to allow only the proper client to see it. (You could use a workflow to assist with the process.)

Using this approach, all you need is a plain old list view in each client site. The permission settings would do the filtering for you.

Interesting idea. Maybe I could set up an event receiver so that whenever a list item is modified it gave permissions to the appropriate users.
– JohnFx, May 30 '11 at 3:21

Depending how often those list items will change, just taking care of it manually might be fine. Or simply put it through an SPD workflow so that you have a QA step before publishing the item using versioning.
– Marc D Anderson, May 30 '11 at 3:36

The items are mostly added by an automated process, after which a user manually adds a project code to each, indicating which project site it is relevant to (and thus should show up on). A QA step would be overkill. It is going to be a lot of items.
– JohnFx, May 30 '11 at 3:47
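
The following is an added example, not code posted by anyone in this thread: a sketch of the event receiver mentioned in the comments, applying the item-level permissions from the answer with the SharePoint server object model. The column name `Client`, the group naming scheme `<Client> Visitors` and the class name are assumptions; the same pattern applies to the project column.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (not from the thread). Assumed names: a text column "Client"
// on the master list and one site group per client called "<Client> Visitors".
public class ClientItemPermissionReceiver : SPItemEventReceiver
{
    public override void ItemAdded(SPItemEventProperties p) { Apply(p); }
    public override void ItemUpdated(SPItemEventProperties p) { Apply(p); }

    private static void Apply(SPItemEventProperties p)
    {
        // Editors of the list normally lack Manage Permissions, so elevate.
        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            using (SPSite site = new SPSite(p.SiteId))
            using (SPWeb web = site.OpenWeb(p.RelativeWebUrl))
            {
                SPListItem item = web.Lists[p.ListId].GetItemById(p.ListItemId);

                // Fail closed: unique permissions, nothing copied from the list.
                if (!item.HasUniqueRoleAssignments)
                    item.BreakRoleInheritance(false);
                // Drop every existing grant so a changed Client value revokes the old one.
                for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
                    item.RoleAssignments.Remove(i);

                // Our own staff keep full control of the item.
                Grant(item, web, web.AssociatedOwnerGroup, SPRoleType.Administrator);
                // An unknown or empty client matches no group: the item stays hidden.
                string client = Convert.ToString(item["Client"]).Trim();
                Grant(item, web, FindGroup(web, client + " Visitors"), SPRoleType.Reader);
            }
        });
    }

    private static void Grant(SPListItem item, SPWeb web, SPPrincipal who, SPRoleType role)
    {
        if (who == null) return;
        SPRoleAssignment assignment = new SPRoleAssignment(who);
        assignment.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(role));
        item.RoleAssignments.Add(assignment);
    }

    private static SPGroup FindGroup(SPWeb web, string name)
    {
        foreach (SPGroup g in web.SiteGroups)
            if (string.Equals(g.Name, name, StringComparison.OrdinalIgnoreCase)) return g;
        return null;
    }
}
```

Because these are after-events, a new item inherits the list's permissions until the receiver has run, so the list itself must grant client groups nothing, as the answer describes.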